Hi all, my first time on this forum. I am a network engineering student in college and need some help. I have discovered an FTP attack on my web server. This is not the first time this has happened. I want to somehow take action against these guys. Below is a capture of the packets going into my server:
http://www.mediafire.com/?nm4zzzin2jz
Just use a program like Wireshark to read it (free multi-platform packet reader).
Here is the info I was able to pull up on the guy (and my info says it's not behind a proxy):
inetnum: 211.152.32.0 - 211.152.63.255
netname: SH-21VIANET
country: CN
descr: 21vianet (shanghai), Inc.
descr: 129 Yan An Rd(W.) Shanghai, China
admin-c: XL442-AP
tech-c: YW605-AP
status: ALLOCATED PORTABLE
changed: ipas@cnnic.cn 20060224
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNCGROUP-RR
source: APNIC

The server wasn't up for 2 days when I noticed FTP attack attempts from China. I don't know what their deal is, but simply blocking the IP range seems to have worked so far... until I get a honeypot set up.